﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.

using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.Configuration;
using System.Collections.Generic;

namespace dreamwork.auth.api
{
    public class Config
    {
        // scopes define the resources in your system
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
            };
        }

        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("dreamwork.exam.api", "Exam API"),
                new ApiResource("dreamwork.pay.api", "Pay API"),
                new ApiResource("dreamwork.membercenter.api", "Member Center API"),
                new ApiResource("dreamwork.web.api", "Web API"),
            };
        }

        // clients want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients(IConfiguration configuration)
        {
			var hostAddress = $"{configuration["Schema"]}://{configuration["DREAMWORK_DNS_NAME_OR_IP"]}";
            // client credentials client
            return new List<Client>
            {
                 new Client
                {
                    ClientId = "dreamwork.admin.client",
                    ClientName = "Admin Client",
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "dreamwork.exam.api",
                        "dreamwork.membercenter.api",
                        "dreamwork.pay.api",
                        "dreamwork.web.api"
                    },
                    AllowOfflineAccess = true
                },

                // OpenID Connect hybrid flow and client credentials client (MVC)
                new Client
                {
                    ClientId = "dreamwork.web.mvc.app",
                    ClientName = "MVC Client",
                    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },

                    RedirectUris = { $"{hostAddress}:5204/signin-oidc" },
                    PostLogoutRedirectUris = { $"{hostAddress}:5204/signout-callback-oidc" },
                    RequireConsent= false,
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "dreamwork.exam.api",
                        "dreamwork.membercenter.api",
                        "dreamwork.pay.api",
                        "dreamwork.web.api"
                    },
                     AllowOfflineAccess = true,
                    //Access token life time is 7200 seconds (2 hour)
                    AccessTokenLifetime = 7200,
                    //Identity token life time is 7200 seconds (2 hour)
                    IdentityTokenLifetime = 7200
                },

                // JavaScript Client
                new Client
                {
                    ClientId = "dreamwork.web.js.app",
                    ClientName = "JavaScript Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    RedirectUris = { $"{hostAddress}:5206/callback.html" },
                    PostLogoutRedirectUris = { $"{hostAddress}:5206/index.html" },
                    AllowedCorsOrigins = { $"{hostAddress}:5206" },

                    RequireConsent= false,
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "dreamwork.exam.api",
                        "dreamwork.membercenter.api",
                        "dreamwork.pay.api",
                        "dreamwork.web.api"
                    },
                }
            };
        }
    }
}